Module: device
Inheritance diagram
Configuration tree diagram
Class Reference
Device module contains objects that exist in the ‘Device’ tab in the firewall GUI
- class panos.device.Administrator(*args, **kwargs)[source]
Administrator object
- Parameters:
name (str) – Admin name
authentication_profile (str) – The authentication profile
web_client_cert_only (bool) – Use only client certificate authentication (Web)
superuser (bool) – Admin type - superuser
superuser_read_only (bool) – Admin type - superuser, read only
panorama_admin (bool) – Panonrama - a panorama admin only
device_admin (bool) – Admin type - device admin
device_admin_read_only (bool) – Admin type - device admin, read only
vsys (list/str) – Physical firewalls: the vsys this admin should manage
vsys_read_only (list/str) – Physical firewalls: the vsys this read only admin should manage
ssh_public_key (str) – Use Public Key Authentication (SSH)
role_profile (str) – The role based profile
password_hash (encrypted str) – The encrypted password
password_profile (str) – The password profile for this user
vsys_device (list) – The vsys list (excluded)
vsys_read_only_device (list) – The read-only device list (excluded)
- class panos.device.AdvancedRoutingEngine(*args, **kwargs)[source]
Note: This is valid for PANS-OS 10.2+.
- Parameters:
enable (bool) – Enable advanced routing engine
- class panos.device.AuthenticationProfile(*args, **kwargs)[source]
Authentication profile object.
Note: This is valid for PAN-OS 8.0+.
- Parameters:
name (string) – The name
profile_type – Authentication profile type. Valid values are “none” (default), “kerberos”, “ldap”, “local-database”, “radius”, “saml-idp”, or “tacplus”.
server_profile (string) – Login method server profile
retrieve_user_group (bool) – Retrieve user group from RADIUS or TACACS+
ldap_login_attribute (string) – LDAP login attribute
ldap_password_expiry_warning (string) – LDAP number of days prior to warning a user about password expiry
kerberos_realm (string) – Kerberos realm name to be used for authentication
saml_request_signing_certificate (string) – SAML-IDP request signing certificate
saml_enable_single_logout (bool) – SAML enable single_logout
saml_certificate_profile (string) – SAML certificate profile
saml_username_attribute (string) – SAML attribute name usrname
saml_user_group_attribute (string) – SAML attribute name user group
saml_admin_role_attribute (string) – SAML attribute name admin role
saml_access_domain_attribute (string) – SAML attribute name access domain
user_domain (string) – User domain
username_modifier (string) – Username modifier
sso_realm (string) – Single-sign-on Kerberos realm
sso_service_principal (string) – Single-sign-on Kerberos service principal
sso_keytab (string) – Single-sign-on Kerberos keytab
mfa_enable (bool) – Multi factor auth enable
mfa_factors (list) – Multi factor auth factors
allow_list (list) – Allow users
failed_attempts (int) – number of permitted failed attempts
lockout_time (int) – amount of time use will be locked
- class panos.device.AuthenticationSequence(*args, **kwargs)[source]
Authentication Sequence object.
Note: This is valid for PAN-OS 7.0+.
- Parameters:
name (string) – The name
authentication_profiles (list) – The authentication profiles
use_domain_find_profile (bool) – Use domain find profile
- class panos.device.CertificateProfile(*args, **kwargs)[source]
Certificate profile object.
- Parameters:
name (str) – The name
username_field (str) – The username field. Valid values are “subject”, “subject-alt”, or “none”.
username_field_value (str) – The value for the given username_field.
domain (str) – The domain.
use_crl (bool) – Use CRL.
use_ocsp (bool) – Use OCSP.
crl_receive_timeout (int) – CRL receive timeout (sec).
ocsp_receive_timeout (int) – OCSP receive timeout (sec).
certificate_status_timeout (int) – Certificate status timeout (sec).
block_unknown_certificate (bool) – Block session if certificate status is unknown.
block_certificate_timeout (bool) – Block if a session certificate status can’t be retrieved within timeout.
block_unauthenticated_certificate (bool) – (PAN-OS 7.1) Block session if the certificate was not issued to the authenticating device.
block_expired_certificate (bool) – (PAN-OS 8.1) Block session if the certificate is expired.
ocsp_exclude_nonce (bool) – (PAN-OS 9.0) Whether to exclude nonce extension for OCSP requests.
- class panos.device.CertificateProfileCaCertificate(*args, **kwargs)[source]
CA certificate for a certificate profile.
- Parameters:
name (str) – The name.
default_ocsp_url (str) – Default URL for OCSP verification.
ocsp_verify_certificate (str) – Certificate to verify signature in OCSP response.
template_name (str) – (PAN-OS 9.0+) Template name / OID for the certificate.
- class panos.device.EmailServer(*args, **kwargs)[source]
An email server in a email server profile.
- Parameters:
name (str) – The name
display_name (str) – Display name
from (str) – From email address
to (str) – To email address
also_to (str) – Additional destination email address
email_gateway (str) – IP address or FQDN of email gateway to use
protocol (str) – (PAN-OS 10.0+) SMTP for clear-text or TLS for encrypted
port (int) – (PAN-OS 10.0+) Port number
tls_version (str) – (PAN-OS 10.0+) TLS handshake protocol version.
auth (str) – (PAN-OS 10.0+) Authentication type.
certificate_profile (str) – (PAN-OS 10.0+) Certificate profile for validating server certificate.
username (str) – (PAN-OS 10.0+) Authentication username.
password (str) – (PAN-OS 10.0+) Authentication password.
- class panos.device.EmailServerProfile(*args, **kwargs)[source]
An email server profile.
- Parameters:
name (str) – The name
config (str) – Custom config log format
system (str) – Custom system log format
threat (str) – Custom threat log format
traffic (str) – Custom traffic log format
hip_match (str) – Custom HIP match log format
url (str) – (PAN-OS 8.0+) Custom URL log format
data (str) – (PAN-OS 8.0+) Custom data log format
wildfire (str) – (PAN-OS 8.0+) Custom WildFire log format
tunnel (str) – (PAN-OS 8.0+) Custom tunnel log format
user_id (str) – (PAN-OS 8.0+) Custom user-ID log format
gtp (str) – (PAN-OS 8.0+) Custom GTP log format
auth (str) – (PAN-OS 8.0+) Custom authentication log format
sctp (str) – (PAN-OS 8.1+) Custom SCTP log format
iptag (str) – (PAN-OS 9.0+) Custom Iptag log format
escaped_characters (str) – Characters to be escaped
escape_character (str) – Escape character
- class panos.device.HttpAuthHeader(*args, **kwargs)[source]
HTTP header for auth.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpAuthParam(*args, **kwargs)[source]
HTTP param for auth.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpConfigHeader(*args, **kwargs)[source]
HTTP header for config.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpConfigParam(*args, **kwargs)[source]
HTTP param for config.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpDataHeader(*args, **kwargs)[source]
HTTP header for data.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpDataParam(*args, **kwargs)[source]
HTTP param for data.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpDecryptionHeader(*args, **kwargs)[source]
HTTP header for Decryption.
Note: This is valid for PAN-OS 10.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpDecryptionParam(*args, **kwargs)[source]
HTTP param for Decryption.
Note: This is valid for PAN-OS 10.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpGlobalProtectHeader(*args, **kwargs)[source]
HTTP header for GlobalProtect.
Note: This is valid for PAN-OS 9.1+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpGlobalProtectParam(*args, **kwargs)[source]
HTTP param for GlobalProtect.
Note: This is valid for PAN-OS 9.1+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpGtpHeader(*args, **kwargs)[source]
HTTP header for GTP.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpGtpParam(*args, **kwargs)[source]
HTTP param for GTP.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpHipMatchHeader(*args, **kwargs)[source]
HTTP header for HIP match.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpHipMatchParam(*args, **kwargs)[source]
HTTP param for HIP match.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpIpTagHeader(*args, **kwargs)[source]
HTTP header for IP tag.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpIpTagParam(*args, **kwargs)[source]
HTTP param for IP tag.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpSctpHeader(*args, **kwargs)[source]
HTTP header for SCTP.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpSctpParam(*args, **kwargs)[source]
HTTP param for SCTP.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpServer(*args, **kwargs)[source]
A single HTTP server in a HTTP server profile.
- Parameters:
name (str) – The name
address (str) – IP address or FQDN of HTTP server to use
protocol (str) – HTTPS (default) or HTTP
port (int) – Port number (default: 443).
tls_version (str) – (PAN-OS 9.0+) TLS handshake protocol version. Valid values are 1.0, 1.1, or 1.2.
certificate_profile (str) – (PAN-OS 9.0+) Certificate profile for validating server certificate
http_method (str) – HTTP method to use (default: POST).
username (str) – Username for basic HTTP auth
password (str) – Password for basic HTTP auth
- class panos.device.HttpServerProfile(*args, **kwargs)[source]
A HTTP server profile.
Note: This is valid for PAN-OS 8.0+.
- Parameters:
name (str) – The name
tag_registration (bool) – The server should have User-ID agent running in order for tag registration to work
config_name (str) – Name for custom config format
config_uri_format (str) – URI format for custom config format
config_payload (str) – Payload for custom config format
system_name (str) – Name for custom system format
system_uri_format (str) – URI format for custom system format
system_payload (str) – Payload for custom system format
threat_name (str) – Name for custom threat format
threat_uri_format (str) – URI format for custom threat format
threat_payload (str) – Payload for custom threat format
traffic_name (str) – Name for custom traffic format
traffic_uri_format (str) – URI format for custom traffic format
traffic_payload (str) – Payload for custom traffic format
hip_match_name (str) – Name for custom HIP match format
hip_match_uri_format (str) – URI format for custom HIP match format
hip_match_payload (str) – Payload for custom HIP match format
url_name (str) – Name for custom url format
url_uri_format (str) – URI format for custom url format
url_payload (str) – Payload for custom url format
data_name (str) – Name for custom data format
data_uri_format (str) – URI format for custom data format
data_payload (str) – Payload for custom data format
wildfire_name (str) – Name for custom wildfire format
wildfire_uri_format (str) – URI format for custom wildfire format
wildfire_payload (str) – Payload for custom wildfire format
tunnel_name (str) – Name for custom tunnel format
tunnel_uri_format (str) – URI format for custom tunnel format
tunnel_payload (str) – Payload for custom tunnel format
user_id_name (str) – Name for custom User-ID format
user_id_uri_format (str) – URI format for custom User-ID format
user_id_payload (str) – Payload for custom User-ID format
gtp_name (str) – Name for custom GTP format
gtp_uri_format (str) – URI format for custom GTP format
gtp_payload (str) – Payload for custom GTP format
auth_name (str) – Name for custom auth format
auth_uri_format (str) – URI format for custom auth format
auth_payload (str) – Payload for custom auth format
sctp_name (str) – (PAN-OS 8.1+) Name for custom SCTP format
sctp_uri_format (str) – (PAN-OS 8.1+) URI format for custom SCTP format
sctp_payload (str) – (PAN-OS 8.1+) Payload for custom SCTP format
iptag_name (str) – (PAN-OS 9.0+) Name for custom IP tag format
iptag_uri_format (str) – (PAN-OS 9.0+) URI format for custom IP tag format
iptag_payload (str) – (PAN-OS 9.0+) Payload for custom IP tag format
globalprotect_name (str) – (PAN-OS 9.1+) Name for custom GlobalProtect format
globalprotect_uri_format (str) – (PAN-OS 9.1+) URI format for custom GlobalProtect format
globalprotect_payload (str) – (PAN-OS 9.1+) Payload for custom GlobalProtect format
decryption_name (str) – (PAN-OS 10.0+) Name for custom Decryption format
decryption_uri_format (str) – (PAN-OS 10.0+) URI format for custom Decryption format
decryption_payload (str) – (PAN-OS 10.0+) Payload for custom Decryption format
- class panos.device.HttpSystemHeader(*args, **kwargs)[source]
HTTP header for system.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpSystemParam(*args, **kwargs)[source]
HTTP param for system.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpThreatHeader(*args, **kwargs)[source]
HTTP header for threat.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpThreatParam(*args, **kwargs)[source]
HTTP param for threat.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpTrafficHeader(*args, **kwargs)[source]
HTTP header for traffic.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpTrafficParam(*args, **kwargs)[source]
HTTP param for traffic.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpTunnelHeader(*args, **kwargs)[source]
HTTP header for tunnel.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpTunnelParam(*args, **kwargs)[source]
HTTP param for tunnel.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpUrlHeader(*args, **kwargs)[source]
HTTP header for URL.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpUrlParam(*args, **kwargs)[source]
HTTP param for URL.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpUserIdHeader(*args, **kwargs)[source]
HTTP header for user-ID.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpUserIdParam(*args, **kwargs)[source]
HTTP param for user-ID.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.HttpWildfireHeader(*args, **kwargs)[source]
HTTP header for WildFire.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The header name
value (str) – The header value
- class panos.device.HttpWildfireParam(*args, **kwargs)[source]
HTTP param for WildFire.
Note: This is valid for PAN-OS 8.0+
- Parameters:
name (str) – The param name
value (str) – The param value
- class panos.device.LdapServer(*args, **kwargs)[source]
An ldap server in a ldap server profile
- Parameters:
name (str) – The name
address (str) – IP address or FQDN of ldap server to use
port (str) – port number
- class panos.device.LdapServerProfile(*args, **kwargs)[source]
An ldap server profile.
Note: Valid for PAN-OS 7.0+.
- Parameters:
name (str) – The name
ldap_type (str) – Ldap profile type. Valid values are “other” (default), “active-directory”, “e-directory”, or “sun”.
base (str) – Base DN
bind_dn (str) – Bind DN
bind_password (str) – Bind password
bind_timelimit (int) – Bind timeout
timelimit (int) – Search timeout
retry_interval (int) – Retry interval
ssl (bool) – Require ssl/ttls secured connection
verify_server_certificate (bool) – Verify server certificate for ssl sessions
disabled (bool) – Disabled or not
- class panos.device.LocalUserDatabaseGroup(*args, **kwargs)[source]
A Local User Database group.
- Parameters:
name (str) – Name.
users (list) – The local users in this group.
- class panos.device.LocalUserDatabaseUser(*args, **kwargs)[source]
A Local User Database User.
- Parameters:
name (str) – Name.
password_hash (str) – The password hash.
disabled (bool) – Set to True if the user is disabled.
- class panos.device.LogSettingsConfig(*args, **kwargs)[source]
Firewall or Panorama device log settings configuration
Note: This is valid for PANS-OS 8.0+.
- Parameters:
name (string) – The name
filter (string) – Valid values are “All logs” (default) or create your own filter
description (string) – Description
send_to_panorama (bool) – Send to panorama
send_email (list) – Send email profile
send_snmp (list) – Send snmp profile
send_syslog (list) – Send syslog profile
send_http (list) – Send http profile
- class panos.device.LogSettingsSystem(*args, **kwargs)[source]
Firewall or Panorama device log settings system
Note: This is valid for PANS-OS 8.0+.
- Parameters:
name (string) – The name
filter (string) – Valid values are “All logs” (default) or create your own filter
description (string) – Description
send_to_panorama (bool) – Send to panorama
send_email (list) – Send email profile
send_snmp (list) – Send snmp profile
send_syslog (list) – Send syslog profile
send_http (list) – Send http profile
- class panos.device.NTPServer(*args, **kwargs)[source]
A primary or secondary NTP server
This is an abstract base class, do not instantiate it.
- Parameters:
address (str) – The IP address of the NTP server
- class panos.device.NTPServerPrimary(*args, **kwargs)[source]
A primary NTP server
Add to a
panos.device.SystemSettings
object- Parameters:
address (str) – IP address or hostname of NTP server
- class panos.device.NTPServerSecondary(*args, **kwargs)[source]
A secondary NTP server
Add to a
panos.device.SystemSettings
object- Parameters:
address (str) – IP address or hostname of NTP server
- class panos.device.PasswordProfile(*args, **kwargs)[source]
Password profile object
- Parameters:
name (str) – Password profile name
expiration (int) – Number of days until the password expires
warning (int) – Number of days warning before password expires
login_count (int) – Post expiration admin login count
grace_period (int) – Post expiration grace period
- class panos.device.SnmpServerProfile(*args, **kwargs)[source]
SNMP server profile.
- Parameters:
name (str) – The name
version (str) – SNMP version. Valid values are v2c (default) or v3.
- class panos.device.SnmpV2cServer(*args, **kwargs)[source]
SNMP V2C server in a server.
- Parameters:
name (str) – The name
manager (str) – IP address or FQDN of SNMP manager to use
community (str) – SNMP community
- class panos.device.SnmpV3Server(*args, **kwargs)[source]
SNMP V3 server.
- Parameters:
name (str) – The name
manager (str) – IP address or FQDN of SNMP manager to use
user (str) – User
engine_id (str) – A hex number
auth_password (str) – Authentication protocol password
priv_password (str) – Privacy protocol password
- class panos.device.SslDecrypt(*args, **kwargs)[source]
SSL decrypt configuration for certificates.
Note: PAN-OS 8.0+
- Parameters:
forward_trust_certificate_rsa (str) – RSA CA certificate for trusted sites.
forward_trust_certificate_ecdsa (str) – ECDSA CA certificate for trusted sites.
forward_untrust_certificate_rsa (str) – RSA CA certificate for untrusted sites.
forward_untrust_certificate_ecdsa (str) – ECDSA CA certificate for untrusted sites.
root_ca_excludes (list) – List of predefined root CAs to not trust.
trusted_root_cas (list) – List of trusted root CAs.
disabled_predefined_exclude_certificates (list) – Disabled predefined SSL exclude certificates.
- class panos.device.SslDecryptExcludeCert(*args, **kwargs)[source]
SSL decryption exclusion object.
Note: PAN-OS 8.0+
- Parameters:
name (str) – The name.
description (str) – Description.
exclude (bool) – Exclude boolean.
- class panos.device.SyslogServer(*args, **kwargs)[source]
A single syslog server in a syslog server profile.
- Parameters:
name (str) – The name
server (str) – IP address or FQDN of the syslog server
transport (str) – Syslog transport. Valid values are UDP (default), TCP, or SSL.
port (int) – Syslog port number.
format (str) – Format of the syslog message. Valid values are BSD (default) or IETF.
facility (str) – Syslog facility. Valid values are LOG_USER (default), or LOG_LOCAL0 through LOG_LOCAL7.
- class panos.device.SyslogServerProfile(*args, **kwargs)[source]
A syslog server profile.
- Parameters:
name (str) – The name
config (str) – Custom config log format
system (str) – Custom system log format
threat (str) – Custom threat log format
traffic (str) – Custom traffic log format
hip_match (str) – Custom HIP match log format
url (str) – (PAN-OS 8.0+) Custom URL log format
data (str) – (PAN-OS 8.0+) Custom data log format
wildfire (str) – (PAN-OS 8.0+) Custom WildFire log format
tunnel (str) – (PAN-OS 8.0+) Custom tunnel log format
user_id (str) – (PAN-OS 8.0+) Custom user-ID log format
gtp (str) – (PAN-OS 8.0+) Custom GTP log format
auth (str) – (PAN-OS 8.0+) Custom authentication log format
sctp (str) – (PAN-OS 8.1+) Custom SCTP log format
iptag (str) – (PAN-OS 9.0+) Custom Iptag log format
escaped_characters (str) – Characters to be escaped
escape_character (str) – Escape character
- class panos.device.SystemSettings(*args, **kwargs)[source]
Firewall or Panorama device system settings
Add only one of these to a parent object.
If you want to configure DHCP on the management interface, you should specify settings for dhcp_send_hostname and dhcp_send_client_id.
- Parameters:
hostname (str) – The hostname of the device
domain (str) – The domain of the device
ip_address (str) – Management interface IP address
netmask (str) – Management interface netmask
default_gateway (str) – Management interface default gateway
ipv6_address (str) – Management interface IPv6 address
ipv6_default_gateway (str) – Management interface IPv6 default gateway
dns_primary (str) – Primary DNS server IP address
dns_secondary (str) – Secondary DNS server IP address
timezone (str) – Device timezone
panorama (str) – IP address of primary Panorama
panorama2 (str) – IP address of secondary Panorama
login_banner (str) – Login banner text
update_server (str) – IP or hostname of the update server
verify_update_server (bool) – Verify the update server identity
dhcp_send_hostname (bool) – (DHCP Mngt) Send Hostname
dhcp_send_client_id (bool) – (DHCP Mngt) Send Client ID
accept_dhcp_hostname (bool) – (DHCP Mngt) Accept DHCP hostname
accept_dhcp_domain (bool) – (DHCP Mngt) Accept DHCP domain name
proxy_server (str) – Secure proxy server to use
proxy_port (int) – Port for secure proxy server
proxy_username (str) – Secure proxy user name to use
proxy_password (str) – Secure proxy password to use
- class panos.device.Telemetry(*args, **kwargs)[source]
Share telemetry data with Palo Alto Networks.
Join other Palo Alto Networks customers in a global sharing community, helping to raise the bar against the latest attack techniques. Your participation allows us to deliver new threat prevention controls across the attack lifecycle. Choose the type of data you share across applications, threat intelligence, and device health information to improve the fidelity of the protections we deliver. This is an opt-in feature controlled with granular policy, and we encourage you to join the community.
Add only one of these to a firewall.
- Parameters:
app_reports (bool) – Application reports
threat_reports (bool) – Threat preventioin reports
url_reports (bool) – URL reports
file_type_reports (bool) – File type identification reports
threat_data (bool) – Threat prevention data
threat_pcaps (bool) – Enable sending packet captures with threat prevention information. This requires that “threat_data” also be enabled.
product_usage_stats (bool) – Health and performance reports
passive_dns_monitoring (bool) – Passive DNS monitoring
- class panos.device.Vsys(*args, **kwargs)[source]
Virtual System (VSYS)
You can interact with virtual systems in two different ways:
Method 1. Use a
panos.firewall.Firewall
object with the ‘vsys’ variable set to a vsys identifier (eg. ‘vsys2’). In this case, you don’t need to use this Vsys class. Add other PanObject instances (likepanos.objects.AddressObject
) to the Firewall instanceMethod 2. Add an instance of this Vsys class to a
panos.firewall.Firewall
object. It is best practice to set the Firewall instance’s ‘shared’ variable to True when using this method. Add other PanObject instances (likepanos.objects.AddressObject
) to the Vsys instance.- Parameters:
name (str) – Vsys identifier (eg. ‘vsys1’, ‘vsys5’, etc)
display_name (str) – Friendly name of the vsys
interface (list) – A list of strings with names of interfaces or a list of
panos.network.Interface
objectsvlans (list) – A list of strings of VLANs
virtual_wires (list) – A list of strings of virtual wires
virtual_routers (list) – A list of strings of virtual routers
visible_vsys (list) – A list of strings of the vsys visible
dns_proxy (str) – DNS Proxy server
decrypt_forwarding (bool) – Allow forwarding of decrypted content
- property vsys
Return the vsys for this object
Traverses the tree to determine the vsys from a
panos.firewall.Firewall
orpanos.device.Vsys
instance somewhere before this node in the tree.- Returns:
The vsys id (eg. vsys2)
- Return type:
str
- class panos.device.VsysResources(*args, **kwargs)[source]
Resource constraints for a Vsys
- Parameters:
max_security_rules (int) – Maximum security rules
max_nat_rules (int) – Maximum nat rules
max_ssl_decryption_rules (int) – Maximum ssl decryption rules
max_qos_rules (int) – Maximum QOS rules
max_application_override_rules (int) – Maximum application override rules
max_pbf_rules (int) – Maximum policy based forwarding rules
max_cp_rules (int) – Maximum captive portal rules
max_dos_rules (int) – Maximum DOS rules
max_site_to_site_vpn_tunnels (int) – Maximum site-to-site VPN tunnels
max_concurrent_ssl_vpn_tunnels (int) – Maximum ssl VPN tunnels
max_sessions (int) – Maximum sessions